Summary
The remote host is running 'My Little Forum', a free CGI suite to manage discussion forums.
This PHP/MySQL based forum suffers from a Cross Site Scripting vulnerability.
This can be exploited by including arbitrary HTML or even JavaScript code in the parameters (forum_contact, category and page), which will be executed in user's browser session when viewed.
References
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- /cgi-bin directory browsable ?
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability